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[57] ABSTRACT 

An encryption module for encrypting financial and other 
sensitive data may be conveniently interposed in series 
between a personal computer and the keyboard associated 
therewith. An application program designed to run on the PC 
is configured to prompt the user to enter his PIN or other 
confidential data into the encryption module; consequently 
the confidential data need not be transmitted in an unen- 
crypted fashion, and need not reside on the PC hard drive in 
an unencrypted form. 
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METHODS AND APPARATUS FOR 
SECURELY ENCRYPTING DATA IN 
CONJUNCTION WITH A PERSONAL 
COMPUTER 

CROSS-REFERENCE TO RELATED 
APPLICATIONS 

This application is a continuation-in-part of, and claims 
the benefit of, U.S. application Ser. No. 08/609,273, filed 
Mar. 1, 1996, which itself is a continuation of, and claims the 
benefit of, U.S. application Sen No. 08/210,200, filed Mar. 
18, 1994, now U.S. Pat. No. 5,517,569, issued May 14, 
1996. 

TECHNICAL FIELD 

The present invention relates, generally, to methods and 
apparatus for encrypting and manipulating confidential data 
and, more particularly, to techniques for transmitting 
encrypted data to a host computer from a remote personal 
computer. 

BACKGROUND ART AND TECHNICAL 
PROBLEMS 

Systems for performing financial transactions from a 
remote location, e.g., the home, office, or retail facility, are 
becoming increasingly popular. The proliferation of per- 
sonal computers, and particularly in conjunction with 
modems, permits a consumer to effect bill paying, retail 
purchasing, banking, and other commercial transactions 
remotely, thus avoiding the need to travel to attend to routine 
commercial matters. 

Presently known systems typically comprise a host com- 
puter located at a central data processing site, which is 
configured to communicate with a large number of remote 
personal computers (PC). When an individual desires to 
effect a financial transaction, for example to order merchan- 
dise and pay for the merchandise or services via a credit 
account, debit account, digital "coins" or the like, the user 
constructs a data link between his PC and the host computer 
via the PC's modem. Upon ordering the appropriate 
merchandise, the user may enter an account (e.g., credit 
card) number corresponding to the account to which the 
merchandise is to be charged. The purchase request is then 
transmitted from the PC to the host computer, whereupon the 
transaction is verified by the host computer. 

Presently known systems are limited, for example, in their 
ability to effect the real time transfers of funds, due to 
various problems associated with the transmission of 
encrypted data. More particularly, real time transfers of 
funds are typically effected through the use of an automatic 
teller machine (ATM). In a typical ATM transaction, the user 
enters an account number onto a keypad or, alternatively, 
inserts a bank card into the ATM whereupon the account 
information is "read" from the magnetic strip located on the 
back of the bank card. Thereafter, the user enters a personal 
identification number (PIN) into the keypad to enable the 
transaction. By properly entering the PIN associated with 
the bank card, the fraudulent use of such cards is greatly 
reduced. The extension of the aforementioned ATM para- 
digm to home use is problematic, however, in that presently 
known systems for transmitting encrypted data (e.g., PINS) 
are unsatisfactory. 

More particularly, although techniques for encrypting 
PINs and other confidential data and information are gen- 
erally well known, current banking and other financial 
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industry regulations are calculated to limit the extent to 
which confidential data may be transmitted in a non- 
encrypted form. In the context of a PC used to remotely 
effect a commercial transaction, it is possible to encrypt the 

5 confidential data at the PC and thereafter transmit the 
encrypted data to the host computer. However, presently 
known systems generally require that the confidential data 
(e.g., PIN) be entered into the computer via the keyboard 
associated with the PC, whereupon the PC's processor 

10 controls the encryption process. Thus, the data is essentially 
transmitted from the keyboard to the PC mother board over 
the physical wires connecting the keyboard to the PC box. 
Thereafter, the unencrypted data, i.e., prior to completing the 
encrypting process, necessarily resides on the mother board, 

is for example prior to and during the encryption process. It is 
believed that sophisticated electronic "listening" devices 
could thus be employed to detect the confidential data 
between the time it is entered into the keyboard by the user 
and the time at which encryption is complete. 

20 A system is thus needed which overcomes the shortcom- 
ings of the prior art. 

SUMMARY OF THE INVENTION 

The present invention provides methods and apparatus for 

25 transmitting encrypted data which overcomes the shortcom- 
ings of the prior art. 

In accordance with one aspect of the present invention, a 
system for transmitting encrypted data comprises a host 

30 computer connected to a remote data processing device (e.g., 
a desktop-type PC, laptop computer, or the like) which 
includes a keyboard or other suitable mechanism for enter- 
ing confidential data into the remote device. In accordance 
with a first embodiment of the invention, the remote pro- 

35 cessing device comprises a laptop PC having an integral 
alphanumeric keyboard, with an encryption module con- 
nected to the PS/2 port of the laptop. In accordance with this 
first embodiment, the encryption module comprises a key- 
pad or other data capture device which permits the user to 

40 directly enter confidential data (e.g, PIN) into the encryption 
module. The encryption module thereafter encrypts the 
confidential data and transmits the encrypted data to the 
laptop PC, whereupon the encrypted data may be transmit- 
ted to the host computer via modem. In this way, the data 

45 need not reside in the PC in an unencrypted form; moreover, 
the data is transmitted from the encryption module to the 
laptop in an encrypted form, thereby reducing the risk that 
electronic "listening" devices may intercept the unencrypted 
data. 

50 In accordance with a second embodiment of the present 
invention, the encryption circuitry is integrated into a 
keyboard, mouse, or other peripheral associated with a 
desktop, laptop, or other PC, such that confidential data may 
be encrypted in the peripheral device itself, whereupon the 

55 confidential data is transmitted to the PC and manipulated by 
the PC in an encrypted form. 

In accordance with a third embodiment of the present 
invention, a self-contained, stand-alone transaction module 
comprises a processor having an integral data acquisition 

60 module (e.g., keypad) associated therewith, such that con- 
fidential data may be entered into the keypad and encrypted 
within a single, integral unit, thus avoiding the need for 
transmission wires between a remote keypad and the encryp- 
tion processing circuitry. 

65 In accordance with a further aspect of the invention, the 
encryption module may be configured to transmit and/or 
receive confidential data to and/or from a remote computer 
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in addition to the PC. The encryption module may also be performance of host computer system 102, and an audit 

equipped with various peripheral devices useful in entering system 116 which permits the operator of system 100 to 

data and information, for example magnetic head card periodically audit the data and information resident within 

readers, "smart card" or integrated circuit card (ICC) host computer 102. 

readers, bar code readers, voice recognition devices, s As discussed in greater detail below, various networks 

scanners, and the like. In this way, confidential data in 104-108 are suitably operated by independent entities which 

virtually any medium may be captured by the encryption desire to conduct business and/or other transactions with 

module and encrypted prior to transmission to the PC and/or various consumers through host computer 102, for example 

subsequent processing, such that the potential for the unau- wherein each of respective PCs 110A-110N are conve- 

thorized detection of the unencrypted data is minimized. 10 niently disposed within a consumer's home, office, retail 

outlet, and the like. 

BRIEF DESCRIPTION OF THE DRAWING ^ . L p J L J . 

FIGURES accordance with a preferred embodiment or the present 

invention, data, including confidential data, may be entered 

The present invention will hereinafter be described in into one of respective PCs 110, and encrypted as discussed 

conjunction with the 25 appended drawing figures, wherein 15 in greater detail below, the encrypted data thereafter being 

like numerals designate like elements, and transmitted from the PC to host computer 102 along a 

FIG. 1 is a schematic block diagram of a transaction suitable data link 118, In accordance with one aspect of the 

authorization system in accordance with the present inven- invention, data link 118 may comprise a transmission wire 

tion; (e.g., a telephone line, fiber optic cable, or the like) or 

FIG. 2 is a front elevation view of a PC having an 2 ° alternatively may comprise a wireless link, for example 

encryption module integrated therewith; microwave, radio frequency (RF) or other suitable data 

- . , . . . , - . . transmission medium. 

FIG. 3 is a schematic block diagram of an integral „ . ^ ^ „ . ( . , „ 

encryption module; Referring now to FIG. 2, in accordance with a preferred 

iTi^ c a ac in a u . t.*u*u embodiment of the present invention, an exemplary PC 110 

FIGS. 4 and 6-10 are flow charts setting forth the opera- 25 M] risesascreen202j abox 204 forhousi inter 

e ^ emplary a PP hcatl ™ P u r °g ram executed by the ^ ^ co £ ti circuit associaled with PC V a 

PC of FIG. 2 in accordance with the present invention; keyboard 2Q6 cormected t0 box 204 via a cormector 210 , and 

FIG. 5 is a display of various icons useful in conjunction a m0 use 208 useful in executing interactive programs. In a 

with the software shown in FIG. 4; ^ fi ret pre ferred embodiment of the present invention, an 

FIG. 11 is an alternate embodiment of the encryption encryption module 214 may be conveniently interposed 

module shown in FIG. 2; between keyboard 206 and box 204, for example in series 

FIG. 12 is a schematic block diagram of the functional with connector 210. In the illustrated embodiment, module 

aspects of the encryption module of FIG, 2; 214 suitably comprises a module connector 212 configured 

FIG. 13 is a schematic circuit diagram of the processor 35 t0 easv installation of module 214. More particularly, 

embodied in the encryption module of FIG. 2; a distal end 216 of connection 210 is -normally plugged into 

- - . , rt, i a mating connector (not shown) on box 204 during normal 
FIG. 14 is a schematic circuit diagram of the keypad operation of the PC . When it is desired to install module 214, 

shown in HG. 2, connector end 216 may simply be detached from box 204, 

FIG. 15 is a schematic circuit diagram of an analog switch and a distal end 218 of connect or 212 connected to box 204 

used in the encryption module of the present invention; at the same site; con nector end 216 of connector 210 is 

FIGS. 16 and 17 are schematic circuit diagrams of a suitably connected to module 214, for example in much the 

magnetic strip reader circuit; same manner as distal end 216 would otherwise be con- 

FIGS. 18-20 are schematic memory maps of various nected to box 204. In this way, module 214 may be conve- 

memory sectors associated with the processor of FIG. 13; 45 niently interposed between keyboard 206 and box 204 

FIGS. 21-36, are flow chart diagrams setting forth various without opening box 204, a procedure not readily acceptable 

functional features of the encryption module of the present to most computer users. 

invention; and In an alternate embodiment of the subject invention, the 
FIGS. 37-39, are block diagram schematic drawings of encryption circuitry and various of the peripheral devices 
various embodiments of the present invention. 50 discussed herein associated with module 214 may be con- 
veniently incorporated into keyboard 206 during mamifac- 
DETAILED DESCRIPTION OF PREFERRED ture 0Fj retrofit, thus avoiding the need for at least the keypad 
EXEMPLARY EMBODIMENTS portion of module 214. 
Referring now to FIG. 1, a remote transaction system 100 With momentary reference to FIG. 3, yet a further alter- 
suitably comprises a host computer system 102 which may 55 native embodiment suitably comprises a self contained, 
be interfaced with one or more transaction networks, for integral module 300 including at screen 306, a computer 
example a bill paying network 104, a banking system 304, a keyboard 302, a modem connection 308, and an 
network 106, and various other network systems 108, for accessory connector 310 for interfacing module 300 with 
example state lottery purchase networks, retail shopping various preferred devices, for example bar code readers, 
purchase networks, mail order purchase networks, and the 60 smart card readers, magnetic strip readers and the like. In 
like. Remote transaction system 100 further comprises a accordance with the embodiment in FIG. 3, only those 
plurality of remote data processing terminals llOa-110/i, for components necessary to effect the specific functions dis- 
example a PC of the type typically used by a home con- cussed need be incorporated into module 300 resulting in 
sumer. Remote transaction system 100 may also comprise substantial cost savings over the PC embodiment shown in 
various diagnostic and maintenance apparatus, for example 65 FIG. 2. However, it will be appreciated that, for those 
a network transmit test system 112 and a network transmit consumers who already own a PC, the embodiment illus- 
receive system 114 suitably utilized to periodically test the trated in FIG. 2 may be preferable inasmuch as a conven- 
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tional PC may be readily adapted in accordance with the suitably entails procedures for permitting a user to order 

present invention by incorporating module 214 into PC 110. various products (e.g., grocery products) by entering the 

Referring now to FIGS. 4-10, an exemplary remote ordered item into PC 110. 

transaction application program useful in accordance with In accordance with the further aspect of the invention, 

the present invention will now be described. s neighborhood shopping operation 410 may be further imple- 

. ir# , 4 . , r , r:,^ A , , t . mented with the use of a bar code reader in the following 

With particular reference to FIG. 4, a suitable application manner 

program may be executed using a (WINDOWS) format . , 4 A . „ , ... 

which presents the user with various menu selections. Those . J* 1 ™ consumer products are typically equipped with a 

i -ii j * ^ •« i . UPC label, bar code, or other indicia representing the 
skilled in the art will appreciate that the user may select particular product. A bar code reader assembly (not shown), 
various options using keyboard 206 or mouse 208 (see FIG. £ 0f examp f e a hand hdd wand> may be suitab ^ y ^ by 
2) as is known in the art. Although the subject application consumer to enter into a memory array associated with the 
program is described herein in the context of the WIN- bar code reader pro d U cts which the consumer desires to 
DOWS embodiment, it will be appreciated that the subject purc hase, for example from a grocery store. After accumu- 
invention may be implemented in the context of any con- lating products wn ich the consumer desires to purchase for 
venient applications environment. a period of timCj the product digit stored in the bar code 
With continued reference to FIG. 4, upon activating the reader memory may be "dumped" into an appropriate 
WINDOWS capability of PC 110 (step 402), the user may memory location in PC 110 during the operation of, for 
select one of a plurality of menu options 406-416, for example, shopping operation 410. In this way, the consumer 
example by double clicking mouse 208 (step 404). More ^ ma y select the products to be purchased over a period of 
particularly and with momentary reference to FIG. 5, the time, analogous to constructing a grocery list. When it is 
user may select banking operation 406 corresponding to icon desired to purchase the items, indicia of the accumulated list 
506, a bill paying operation 408 represented by icon 508, a may be transmitted via data link 118 (see FIG. 1) to host 
neighborhood shopping operation 410 represented by icon computer 102 whereupon a grocery network 108 retrieves 
510, a mail ordering operation 412 represented by icon 512, ^ the data and assembles the groceries for the consumer. If 
a state lottery operation 414 represented by icon 514, a file desired, the grocery store cooperating with grocery network 
operations 416 corresponding to 516, at PC setup operation 108 may deliver the grocery items to the consumer's 
418 corresponding to icon 518, a hardware test operation residence, with the groceries being paid for in accordance 
420 corresponding to icon 520, a display time operation 422 with, inter alia, the principles set forth in bill paying opera- 
corresponding to icon 522, or a tutorial operation 424 ^ tion 408 or banking operation 406 as described in greater 
represented by icon 524. Although the illustrated icons detail below. 

shown in FIG. 5 are useful in the context of the illustrated Referring now to FIGS. 4 and 6, banking operation 406 

embodiment, it will be appreciated that any suitable icon or suitably permits the user to select one or more banking 

other mechanism for selecting various program options may options, for example a funds transfer operation 602, and 

be employed in the context of the present invention. account inquiry operation 604, or a smart card funds transfer 

Moreover, the menu options set forth in FIGS. 4 and 5 are 606. In addition banking operation 406 may also permit the 

merely exemplary; various combinations of the menu user t0 ex j t t0 tne main menu 400 (step 608). 

options shown in the Figures, alone or in combination with Referring now to FIGS. 6 and 7, funds transfer operation 

other menu options not set forth herein may also be 602 suitably entails a selection of a particular bank account 

employed in the context of the present invention. ^ (step 610) for example a sav i n gs account, checking account, 

With continued reference to FIG. 4, tutorial operation 424 money market account, and the like. When the account 

suitably entails an explanation of the various menu options which the user desires to debit is selected, the system 

and an explanation of how to use the options. Display time suitably prompts the user to enter an amount which is to be 

option 422 suitably displays the system time in any desired transferred or paid (step 702), for example by entering an 

format. Hardware test operation 420 is suitably configured 45 amount into PC 110 via keyboard 206 (704). If no amount 

to allow the user to verify the integrity of various hardware \$ entered after a predetermined time or if an incorrect 

components and preferable devices useful in the context of amount (e.g., "zero", a negative amount, or an amount which 

the present invention. exceeds the predetermined threshold), the system may 

Setup operation 418 suitably permits the user to configure resume its previous processing path (step 706). If a correct 

various parameters associated with the operation of the 50 amount of funds to be paid or transferred is entered by the 

system and methods discussed herein. user, the user may be suitably prompted to select the method 

File operation 416 suitably allows the user to manipulate of payment (step 708), whereupon a transaction request is 

various data structures useful in the context of the present suitably transmitted from PC 110 to module 214 (step 710), 

invention. as discussed in greater detail below. 

Lottery operation 414 may be configured to permit the 55 In accordance with one aspect of the present invention, it 

user to purchase lottery tickets for example via modem from may be desirable to permit particular transactions, e.g., 

his state of residence or from any other state or municipality, transactions involving the transfer of money, only upon the 

depending on the regulation governing the sale of such satisfaction of certain threshold conditions. For example, it 

tickets. may be desirable to permit a funds transfer only if a receipt 

Mail ordering operation 412 suitably entails procedures 60 evidencing the transaction may be printed at a printer which 

for ordering merchandise from PC 110, for example from a is located proximate PC 110. 

mail order catalog. In this regard, module 214 (see FIG. 2) More particularly and with continued reference to FIG. 7, 

or, alternatively, box 204 may be suitably equipped with a the system may be suitably configured to confirm: (1) 

bar code reader so that merchandise may be automatically whether PC 110 is equipped with or otherwise has access to 

selected by scanning the bar code associated with the 65 a local printer; and (2) that the aforementioned printer is 

merchandise. The same bar code technique may also be equipped with paper upon which a receipt may be printed 

employed in the context of shopping operation 410, which (step 712). 
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If PC 110 either does not have a printer associated with it may suitably be configured to prompt the user to select a 

or if it has a printer but the printer it out of paper, the system particular account subject to inquiry (steps 612), whereupon 

may prompt the user to install an appropriate printer and/or the system suitably returns to step 712 (see FIG. 7). 

paper (step 714), whereupon the system again checks to if the user selects smart card fund transfer operation 606, 

confirm the presence of a functional printer (step 718). If a 5 the system may be suitably configured to prompt the user to 

functional printer still is not detected, an appropriate error insert a smart card into an appropriate smart card reader 

message is generated. module (step 614) (not shown). 

If it is determined that PC 110 has a functioning printer More particularly and with reference to FIG. 9, those 

associated therewith, PC 110 is suitably configured to trans- skilled in the art will appreciate that integrated circuit cards 

mit a command to module 214 which causes module 214 to 30 (ICC), also known as smart cards, typically comprise a 

enter a "swipe" mode of operation (step 716), discussed in microprocessor embedded within the card, as well as an 

greater detail below in conjunction with FIGS. 27 and 28. electronic mechanism for permitting data transfer to and 

The user may thereafter enter the appropriate account data, from the card. That being the case, account information and, 

for example by swiping a transaction card through a mag- indeed, funds may be electronically "added" to or "sub- 

netic card reader, entering a smart card into a smart card 15 tracted" from the card by making appropriate modification 

reader associated with PC 110 entering account data via to the data resident on the card. 

keyboard 206, or any other convenient mechanism for wilh continued reference to FIG. 9, if the user desires to 

entering account data associated with PC 110 or modem 214 ac jd funds to the smart card (step 902), the system may be 

(step 720). suitably configured to effect a process analogous to that set 

Referring now to FIG. 8, once the account data is entered, 20 forth in FIG. 7; namely, the user may select an account from 

PC 110 may suitably be configured to display the account which funds are to be withdrawn and applied to the smart 

data on screen 202 (step 802). The particular transaction card, as well as the amount of funds to be so applied. The 

being performed by the user is of a type which does not user may then be prompted to enter the smart card into a 

require the transmission of confidential data (e.g., PIN), the smart card reader/writer module (not shown) affiliated with 

account data and the funds transfer/bill payment data dis- 25 either PC 110 or module 214 to effect the electronic update 

cussed above may be assembled and transmitted to host of the data resident on the smart card. In addition, the system 

computer 102 via data link 118 for processing (step 812). If, may be configured to require a functioning printer as a 

on the other hand, the particular transaction requires the prerequisite to effecting the foregoing smart card updating 

entry of confidential information, the system may be suit- function, as desired. 

ably configured to prompt the user to enter such confidential 30 \f f G n the other hand, the user desires to "withdraw*' funds 

information (step 804). from tne sma rt card (step 904), the system may prompt the 

More particularly, in order to facilitate the entry, encryp- user to select the destination of the funds withdrawn from 

tion and transmission of encrypted confidential data, PC 110 the smart card (step 906), and to request the user to enter a 

may be suitably configured to send a command signal to 35 PIN or other confidential data (step 908). In this regard, the 

module 214 to place module 214 into a "scan" mode (step entry of such confidential information is suitably effected in 

806), as discussed in greater detail below in conjunction a manner analogous to that described below in conjunction 

with FIGS. 21 and 25. In accordance with the embodiment with FIGS. 11, 14, and 25-28. Upon entry of the PIN, the 

shown in FIG. 2, the user may then enter such confidential smart card transaction may be suitably affected via the smart 

information via the keypad associated with module 214 or in 4Q card reader /writer circuit (not shown) associated with either 

the context of the embodiment shown in FIG. 3, via keypad PC 110 or module 214, 

302. In the alternate embodiment discussed above wherein Referring once again to FIG. 4, upon the selection of bill 

the encryption circuitry and/or software is integrated into paying operation 408, the system may be configured to 

keyboard 106, the user may enter the confidential informa- prompt the user to add a new bill to the bill paying operation 

tion directly via keyboard 206. In any event, the manner in 45 ( step 1002 of FIG. 10). More particularly, the bill paying 

which module 214 (or module 300 in accordance with the function of the subject system suitably entails a method of 

embodiment shown in FIG. 3) receives, encrypts, and trans- keeping track of various bills, for example department store 

mits the encrypted data is discussed more fully in conjunc- bills, credit card bills, utility bills, and the like in conjunction 

tion with FIGS. 21-29. with PC 110. If the user desires to add a new billing entity 

Upon entering all the information necessary to reflect a 50 to the billing operation, for example a new department store 

particular transaction, the system may suitably prompt the charge account, the data corresponding to the new account 

user to determine whether the user desires to enter another may be entered into PC 110 by the user (step 1008), for 

transaction. If so, the system returns to step 702; if no further example via keyboard 206. 

transactions are desired, PC 110 suitably packages and The system may be further configured to display various 

transmits the transaction data to host computer 102 via data 55 bills comprising billing operation 408 (step 1004 of FIG. 

link 118. In this regard, any suitable mechanism for data io), permitting the user to either exit to the main menu (step 

transmission may be employed, for example a modem 1010) or, alternatively, to select a particular bill for payment 

connected to box 204 or, alternatively a modem connected ( step 1006). Once a particular bill is selected for payment, 

directly to module 214 as discussed in greater detail below the system is suitably configured to effect payment of the bill 

(step 812). 60 i n accordance with the steps described in conjunction with 

Once host 102 has confirmed the transaction (step 814), FIG. 7. 

the printer (not shown) associated with PC 110 and dis- it will be appreciated that at various times during the 

cussed above suitably prints a transaction record (receipt) execution of the foregoing application program, the users are 

(step 816), and the system again returns to main menu 400 required to enter various account, PIN, and other informa- 

(step 818). 65 tion and/or data into the system, for example via module 

Returning now to FIG. 6, if the user desires to inquire as 214. Thus, in accordance with one aspect of the present 

to an account balance and/or status (step 604), the system invention, module 214 may be suitably configured to assume 
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a plurality of different modes, depending on the particular 
function then being effected. The circuitry comprising mod- 
ule 214 which permits module 214 to assume these various 
operational states will now be described, followed by a 
functional description of the various operational modes 5 
associated with module 214. 

With momentary reference to FIG. 11, module 214 may 
suitably assume any desired configuration, for example the 
sloping, contoured embodiment shown in FIG. 11. In 
particular, module 214 suitably comprises a housing 1100, 10 
for example an injection molded plastic housing similar to 
the conventional "mouse" typically employed in conjunc- 
tion with personal computers. In accordance with the 
embodiment shown in FIG. 11, module 214 suitably com- 
prises a keypad 1102, for example corresponding to the 1S 
numbers 0-9, and further including inter alia, various 
functions, for example an enter (E) and cancel (C) button. 
Module 214 further comprises a card reader slot 1104 
configured to receive transaction cards of the type bearing a 
magnetic strip, and an ICC (smart card) slot 1106 configured 20 
to accept a smart card into read and/or write data to/from the 
smart card. 

Referring now to FIG . 12, module 214 suitably comprises 
a keypad circuit 1204 associated with keypad 1102 (FIG. 
11), a magnetic strip reader circuit 1206 associated with 
magnetic strip reader 1104, a microcontroller 1212, a 
modem 1202, a smart card reader circuit 1208 associated 
with ICC slot 1106, and a clock/data box 1218 configured to 
effect communication between microcontroller 1212 and 
box 204 via connector 212 as well as microcontroller and 
keyboard 206 via connector 210. In addition, module 214 
suitably comprises a control gate 1222 for selectively estab- 
lishing communication between module 214 and PC 110. 

With continued reference to FIG. 12 and further reference 
to FIG. 13, microprocessor 1212 suitably comprises a model 
MC68HC11E9 microprocessor manufactured by Motorola, 
Inc. Processor 1212 suitably interfaces with a power circuit 
1302 configured to apply 5 volts powered to V dd1 and an 
oscillator circuit 1304 configured to apply a predetermined 49 
clock pulse to a clock port 1308, for example at a frequency 
in the range of 4 MHZ to 12 MHZ, and to most preferably 
8 MHZ. Processor 1212 further comprises a reset circuit 
1306 configured to selectively apply a reset signal to a reset 
port 1310 of processor 1212. 

In addition, processor 1212 is suitably equipped with the 
following input/output ports which, in the illustrated 
embodiment, are configured as follows: 



Port No. 


Function 


paO 


card swipe input/output (channel 1) 


pal 


card swipe input/output (channel 2) 


pa2 


modem interrupt 


pa3 


read/write 


pa4 


ale 


pa5 


cs 


pa6 


output to "system validation" LED 


pa7 


(smart card) read/write data 


pbO 


keypad row 1 


pbl 


keypad row 2 


pb2 


keypad row 3 


pb3 


keypad row 4 


pb4 


buffer enable 


pb5 


smart card clock 


pb6 


smart card control 


pcO 


dO parallel data interface to modem 


pel 


dl parallel data interface to modem 


pc2 


d2 parallel data interface to modem 



25 



30 



35 



45 



55 



60 



65 
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A 

-continued 


Port No. 


Function 


pc3 


A1 11 1 A ' ^ A 

d3 parallel data interlace to modem 


pc4 


d4 parallel data interface to modem 


pc5 


d5 parallel data interface to modem 


pc6 


d6 parallel data interface to modem 


pc7 


d7 parallel data interface to modem 


pdO, pdl 


interface to pen tec bar code reader data loader 


pd2 


pc clock 


pd3 


pc data 


pd4 


keyboard clock 


pd5 


keyboard data 


pcO 


keypad column 1 


pel 


keypad column 2 


pe2 


keypad column 3 



Referring now to FIGS. 12-14, keypad 1102 is suitably 
connected with the various ports associated with processor 
1212 as set forth in FIG. 14. 

Refer now to FIGS. 12-13 and 15, control gate 1222 
suitably comprises an analog switch, for example a module 
no. 74HC4066 manufactured by Motorola, Inc. Switch 1222 
suitably comprises four internal switches a-d, which are 
suitably simultaneously controlled by the output of port pb4, 
such that internal switches a-d are either all open or all 
closed in accordance with the logic value of the output of 
port pb4. Generally speaking, in essentially all operational 
states of module 214, internal switches a-d will remain 
open, effectively isolating keyboard 206 from box 204. 
During the transparent mode (discussed below), internal 
switches a-d will typically remain closed, permitting normal 
communication between the keyboard and the PC. 

With continued reference to FIGS. 12-13 and 15, the 
buffer enable signal from port pb4 of processor 1212 is 
suitably applied to control gate 1222. In addition, the 
keyboard clock and keyboard data signals are transmitted 
between ports pd4 and pd5, respectively, of microprocessor 
1212 to a databus 1219 extending from switch 1222 to 
keyboard 206 via connector 210. Similarly, the PC clock and 
PC data signals are transmitted between ports pd2 and pd3, 
of microcontroller 1212 to a databus 1218 extending 
between control gate 1222 and box 204 (FIG. 1) via con- 
nector 212. 

Referring now to FIGS. 12, 13 and 16, a first embodiment 
of magnetic strip reader circuit 1206 associated with mag- 
netic strip reader 1104 (FIG. 11) suitably comprises a 
magnetic reader head 1602, for example a 1.6 micro henry 
inductor coil, respective first and second amplifiers 1604 and 
1606, for example model no. LM324a operational 
amplifiers, respective comparators 1608 and 1610, for 
example model no. LM393, and an inverting schmidt trigger 
1612, for example part no. 74HC14. 

More particularly and with continued reference to FIG. 
16, a transaction card of the type bearing a magnetic strip is 
suitably slid through magnetic strip reader 1104 of module 
214 (FIG. 11) such that the magnetic strip magnetically 
engages reader head 1602. The output of coil 1602 is 
suitably applied to the inverting input of amplifier 1606 
which suitably exhibits a gain on the order of 20. The output 
of amplifier 1604 is suitably applied to the noninverting 
input of amplifier 1606. The output of amplifier 1606 is 
suitably applied to the noninverting input of comparator 
1608 and to the inverting input of comparator 1610. By 
applying a determined threshold voltage to the inverting 
input of amplifier 1608, and by, also applying a predeter- 
mined threshold voltage to the non- inverting input of ampli- 
fier 1610, a series of logic hi and logic low pulses are applied 
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to tbe input of schmidl trigger 1612, which inputs are Upon entering the reset condition, system initialization is 

effectively rectified, squared and sharpened into a binary executed (step 2104). 

square wave by the schmidt trigger/comparator combina- More particularly and with momentary reference to FIG. 

tion. The output of schmidt trigger 1612 is a function of the 22, system initialization step 2104 suitably entails various 

output of coil 1602 and corresponds to the data which is 5 initialization steps (21046), including, inter alia: 

magnetically encoded into the magnetic strip which is drawn ^ Initializing the current mode to transparent mode, for 

through magnetic card reader 1104. The output of schmidt exam fc b ^ currem mode> istef m4 (see 

trigger 1612 correspond to the channel 1 swrpe data applied FIG. 18) to the transparent mode condition, as dis- 

to port paO of processor 1212. m detafl bek)w . 

The magnetic head reader circuit of FIG . 16 is particularly 10 2 Initializing previous mode register 1806 to - no mode"; 

useful in the context of cards bearing magnetic stnps which • - 

comprise a single "track", or single column of magnetically 3 " ^JJ^Jj! SySt6m m ^ Xs t0 a PP r °P" ate to &g« 

encoded information. Alternatively, many magnetic strips of ' 

the type typically found on transaction cards comprise two 4 - Enat >ling interrupts from the PC interface bus (e.g., 

or more separate magnetic columns embedded within the is connector 212); and 

magnetic strip. In such cases, it may be desirable to employ 5. Initializing the PC interface temporary buffer 1808 to 

dual magnetic reader coils in the context of card reader slot "empty". 

1104. The relevancy of the foregoing initialization steps are dis- 

More particularly and referring now to FIG. 17, an cusscd in S reater detail below in conjunction with ensuing 

alternate embodiment of circuit 1206 suitably comprises 20 description of the operation of module 214. 

respective first and second reader coils 1603a and 1603*> u P on completing system initialization, the system enters 

which are suitably configured to read the corresponding first a svstem redirect state (step 2106), whereupon the system 

and second magnetic rails (not shown) comprising the dual then enters tne appropriate operational mode; in the context 

rail magnetic strip associated with a transaction card. In the of s y stem start U P> the s y stem wiU default t0 transparent 

alternative embodiment shown in FIG. 17, the circuit essen- 25 mode > as forth above m conjunction with system initial- 

tially comprises two of the circuits shown in FIG. 16 nation step 2104(fc). 

configured to generate respective outputs 1702 and 1704 More particularly, a preferred embodiment of the present 

which are suitably applied to respective ports paO and pal of invention employs an interrupt-based processing scheme 

processor 1212 within module 214. Thus, as the system flows through the 

n c • . t-t^o 1 o m j * 30 main operational loop set forth in FIG. 21, the system will 

Referring now, to FIGS. 18-20 and with momentary c " . v . f ' _ * TT 

c . CT p n * 11 in-! * ui from time to time receive interrupts from PC 110. Upon 

reference to FIG. 12, microcontroller 1212 suitably com- r .. . . „. r t - 

prises a random access memory (RAM) 1802, a read only recei P l of \ , m ? de chan S e interrupt command from PC U0, 

mrMkM\ mm a ui i * n processor 1212 causes module 214 to terminate the then 

memory (ROM) 1902 and an erasable electronically pro- r . , r 

grammable read only memory (EEPROM) 2002. ™ l mode ' and enter s y stem redlrect < s,e P fro u m 

, , . , , „ A „ . . , . . 35 which the appropriate new operational mode may be 

More particularly, RAM 1802 suitably comprises, inter entered 

alia, respective memory sectors 180^1836 corresponding Ffom ^ main x governing the operation of 

to various addresses m RAM 1802. As discussed below in moduk n4 showQ in nG 21 ^ m eQter 0Qe 

conjunction with the operational states of module 214 of a number of tional states as a result of a number of 

various predetermined data are suitably stored and retneved 4Q edkate instructions . More particularly, the system may 

in data sectors 1804-1836 during operation of module 214. ^ ctn ^ operational slates as controUe d by the execut- 

With continued reference to FIG. 19, the operating code able resident within sector 1904 of ROM 1902. In 

(operational program) which controls the operation of mod- addition, the system may enter certain operational states as 

ule 214 is suitably stored in a first sector 1904 in ROM 1902. a result of commands received from PC 110, as set forth in 

Moreover, vanous interrupt sectors, useful in the operation 45 more detail m conjunction with FIG. 23. 

of module 214 are suitably stored in a second sector 1906 Referring now to FIG. 23, PC 110 from time to time sends 

within ROM 1902. interrupt commands to module 214 via connector 212 (step 

Referring now to FIG. 20, EEPROM memory map 2002 2302). 

suitably comprises non-volatile memory for use in storing Upon receipt of a PC interrupt, the interrupt data packet 

encryption keys associated with the encryption algorithm 50 received from PC 110 is suitably stored in sector 1808 of 

employed in the context of the present invention to encrypt ram igo2 (step 2304). The system then determines if the 

confidential data. More particularly, EEPROM 2002 suit- complete message (interrupt data packet) was received from 

ably comprises a first sector 2004 corresponding to future pc HO; if not, the system returns to main loop 2100. If a 

encryption keys, a second sector 2006 corresponding to the complete message is received at module 214, the system 

serial number of the initial encryption key and a third sector 55 determines if the data corresponds to a command instruction 

2008 corresponding to an encryption counter. In accordance or whether the message corresponds to other than a com- 

with one aspect of the present invention, any suitable mand instruction (step 2308). 

encryption algorithm may be employed by module 214, If the message corresponds to data other than a command 

module 300, or PC 110 in the context of the present instruction, the message is suitably stored in data output 

invention which provides adequate security against unau- 60 buffer 1810 of RAM 1802 (step 2310), for subsequent 

thorized detection of the underlying confidential data. processing, e.g., modem transmission to host computer 102. 

Referring now to FIGS. 21-38, the operation of system Thereafter, the contents of PC interface temporary buffer 

100, and particularly the operational states of module 214, 1808 are reset to empty (step 2320), then the system again 

will now be described. returns to its pre-interrupt state (step 2322). 

With particular reference to FIG. 21, upon powering up of 65 Returning now to step 2308 of FIG. 23, if the data 

module 214, a reset signal is applied to reset port 1310 of received is a command instruction, the system determines if 

processor 1212 (step 2102). the command instruction corresponds to a mode change 
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(step 2312). If not, the data is stored in command register The system detects whether a subsequent mode change 

1812 of RAM 1802 for possible subsequent use within the command has been received (step 2504); if so } the system 

then current mode (step 2316); the system then proceeds to returns to system redirect step 2104. If no mode change has 

step 2320, as described above. If the message received from occurred, module 214 waits until a keypress is detected (step 

PC 110 corresponds to a mode change command ("yes" 5 2506) or, alternatively, until a mode change is detected (step 

branch from step 2312), the then current mode is written into 2504). 

previous mode register 1806 (step 2314), and the newly More particularly, processor 1212 scans ports pb0-pb3 

received mode is written into current mode register 1804 of and ports pe0-pe2 (see FIG. 13) corresponding to rows 1-4 

RAM 1802 (step 2318). The system then proceeds to step and columns 1-3 of keypad 1102, respectively (see FIG. 14). 

2320, as described above. io When a keypress is detected, the system determines if the 

With continued reference to FIG. 21, upon receipt of a depressed key corresponds to one of the numbers 0-9 (step 

message from PC 110, processor 1212 interrogates current 2508); if so, module 214 suitably sends a signal to PC 110 

mode register 1804 and, in accordance with the contents of to cause a "dummy" indicia of the depressed key to screen 

register 1804, answers the appropriate operational mode 202 (FIG. 2). 

from main loop 2100, In the context of start up operation, the is More particularly, the operational program stored in sec- 
system is suitably configured to enter transparent mode (step tor 1904 of ROM 1902 (FIG. 19) of processor 1212 suitably 
2110). includes an operating code which permits module 214 to 

Referring now to FIG. 24, transparent mode 2110, just as communicate with PC 110 in a manner which emulates the 
with various other operational modes described below, manner in which conventional keyboards (e.g., keyboard 
determines whether a subsequent mode change has been 20 206) typically communicate with box 204. In a preferred 
received since entering transparent mode 2110 (step 2402). embodiment of the present invention, the operating code 
If a mode change is received, the system enters the system governing the operation of module 214 is suitably config- 
redirect state (step 2106); (see also FIG. 21) and enters the ured in accordance with any suitable protocol, for example 
newly selected mode. If a mode change has not occurred, the protocol employed by IBM in its PCs or any other 
processor 2112 interrogates previous made register 1806 to 25 suitable derivative or variant thereof, to thereby permit 
determine if the previous mode corresponds to transparent module 214 to communicate with box 204 in a manner 
mode (step 2404). If the previous mode corresponds to which emulates conventional communication between key- 
transparent mode, the system proceeds to step 2410. If the board 206 and box 204, data transmission and other com- 
previous mode was not transparent mode, the system com- munication between module 214 and box 204 may be 
mands the keyboard to clear its internal buffers and to set 30 conveniently and efficiently carried out in a manner which is 
previous mode register 1806 to transparent (step 2408). essentially transparent to box 204; that is, when box 204 
More particularly, if the previous mode was not transparent receives data and/or information from module 214, box 204 
mode, it is possible that spurious keystrokes may have been interprets the data just as though box 204 had received it 
entered into keyboard 206, which keyboard data may be from keyboard 206. Similarly, when box 204 transmits data 
stored in buffers internal to keyboard 206 and not shown in 35 and/or information which is received by module 214, box 
FIG. 2. In order to prevent data corresponding to these 204 configures the data/information packages in the same 
spurious keystrokes from being transmitted to PC 110, the manner in which box 204 would normally configure the data 
keyboard internal buffers are cleared (step 2408). Thereafter, for receipt by keyboard 206. By leveraging presently known 
the system enables the interface between keyboard 206 and data transmission protocols in this manner, module 214 may 
PC 110 (step 2410). 40 be conveniently interposed in series between the keyboard 

More particularly, and with reference to FIGS. 12, 13, and and the keyboard port on the PC of essentially all PCs which 

15, step 2410 of FIG. 24 suitably entails processor 1212 comport with industry recognized protocol schemes, 

generating a buffer enable signal at port pb4, and transmit- With continued reference to FIG. 25, if a keypress cor- 

ting the buffer enable signal to control gate (switch) 1222. In responds to a 0 through 9, the system waits until the key is 

response, internal switches a-d of switch 1222 are closed, 45 released (step 2518) before capturing the data. In this way, 

establishing direct communication between PC 110 and the system desirably avoids capturing repetitive data which 

keyboard 206 through connector 212, bus 1218, switch may often be generated by many key pads which are 

1222, bus 1219, and connector 210. Thereafter, the system specifically configured to continuously generate repetitive 

continues to cycle through transparent mode 2110, permit- keystroke data when a particular key is held down by the 

ting normal operation of keyboard 206 with respect to PC 50 user. 

110. The system will continue to cycle through transparent Return now to step 2508, if the keypress was not a 0 

mode 2110 until a subsequent message is received from PC through 9, the system determines if the keypress corre- 

110. sponds to an "Enter" (step 2512); if so, a message corre- 

Returning now to FIG. 21, the system may also receive a sponding to an "Enter" command is transmitted from mod- 
command to enter scan mode (step 2112), for example in 55 ule 214 to PC 110 (step 2514), indicating that entry of the 
response to a scan mode request from PC 110 (see step 806, confidential data (e.g., PIN) is complete. If, on the other 
FIG. 8), whereupon processor 1212 causes module 214 to hand, the keypress does not correspond to an "Enter", the 
enter the scan mode of operation (step 2114), system determines the identity of the keypress. In the 

More particularly and referring now to FIG. 25 (scan context of the illustrated embodiment, If the keypress does 

mode 2114) generally involves "scanning" the circuitry 60 not correspond to a 0 through 9, and further does not 

associated with keypad 1102 (FIG. 14) to detect data (e.g., correspond to an "Enter", the system concludes that the 

PIN) entered into keypad 1102 by the user. keypress corresponds to a "Cancel" (step 2516). Thus, 

With continued reference to FIG. 25, scan mode operation module 214 transmits a message to PC 110 indicating that 

involves, inter alia, initializing PIN entry buffer 1814 of entry of the confidential data has been canceled by the user. 

RAM 1802 to empty (step 2502), to prepare the PIN buffer 65 Upon release of the depressed key by the user (step 2518), 

to receive data which is about to be entered onto keypad the system determines if the keypress corresponds to a 0 

1102 by the user. through 9 (step 2520); if so, the particular numeric keypress 
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is suitably stored in PIN entry buffer 1814 of RAM 1802 the user to swipe his transaction card through card swipe slot 

(step 2524), and the system returns to step 2504 to await the 1104 of module 214 (FIG. 11), for example as discussed 

next keypress. above in connection with step 716. 

If the keypress corresponds to a "Cancel" (step 2522), the Referring now to FIG. 27, upon entering the swipe 

systems restores PIN entry buffer 1814 to empty (step 2528) 5 operational mode, processor 212 suitably initializes (clears) 

and returns to step 2504 to await either a mode change or a respective swipe data input buffers 1820, 1822 of RAM 

subsequent keypress. 1802 (step 2702). The system then looks for a mode change 

If the keypress corresponds to an "Enter" ("yes" branch of (step 2704), and returns to system redirect state 2106 if a 

step 2522), module 214 suitably encrypts the data stored in mode change is detected. Otherwise, the system sets a swipe 

PIN enter buffer 1814 (step 2526), as discussed in greater 10 timeout counter to a predetermined maxtime during which 

detail below in conjunction with FIG. 26. the transaction must engage the card reader (step 2706). In 

Although the illustrated embodiment is described in the a preferred embodiment, the predetermined value of this 

context of numeric (i.e., "0" through "9") PIN data, it will maxtime, on the order of 15 seconds, is suitably stored in 

be appreciated that the confidential data entered into module swipe time-out register 1824, of RAM 1802. 

214 may be of any suitable form, e.g., numeric, alpha, is The time-out counter is successively decremented (step 

alphanumeric, ASCII, binary, or any other suitable modality. 2708) until the software timer resident in sector 1824 

Referring now to FIG. 26, the encryption operation 2526 reaches zero (step 2710), whereupon the data then resident 

suitably proceeds as follows. Once the confidential data in buffers 1820, 1822 are transmitted to PC 110 (step 2714). 

(e.g., PIN) is entered onto keypad 1102 by the user, proces- Alternatively, rather than waiting until the maxtime counter 

sor 1212 retrieves the data from personal account number 20 counts down to zero, the "swiped" data may be transmitted 

register 1818 of RAM 1802 and the PIN from buffer 1814 to PC 110 when processor 1212 determines that respective 

(step 2602). These data, alone or in conjunction with other input buffers 1820, 1822 are full (step 2712). 

data, are suitably combined and encrypted in any suitable Upon the first to occur of the timing out of these swipe 

matter (step 2602). In a preferred embodiment, these data timeout timer (step 2710) or a detection that the swipe input 

may be suitably combined in accordance with ANSI speci- 25 buffers are full (step 2712), the data within card swipe 

fication X9 .24-1992. The data is suitably encrypted in accor- buffers 1820, 1822 are transmitted to PC 110 (step 2714). 

dance with ANSI standard X3. 92-1 981 or any other desired With momentary reference to FIGS. 12 and 16-17, recall 

encryption technique. More particularly, the foregoing com- that magnetic 15 strip reader circuit 1206 "reads" the data 

bination and encryption algorithms are desirably resident in from the magnetic strip on a transaction card through 

operational program sector 1904 of ROM 1902, and operate 30 magnetic head reader 1602 (or magnetic head readers 1603 

in conjunction with encryption key information suitably (a), 1603 (b) in FIG. 17) whereupon reader circuit 1206 

stored in EEPROM 2002 (see FIGS. 19 and 20). By storing applies an output signal (corresponding to one or both of "ch 

the encryption key data in nonvolatile memory (i.e., 1 swipe" and" ch 2 swipe") to ports paO and pal of processor 

EEPROM), system integrity and security is enhanced. 1212, respectively, as discussed in detail above. 

With continued reference to FIG. 26, upon encrypting the 35 More particularly and with reference to FIGS. 16 and 28, 

data in accordance with step 2602, the encrypted data is as a transaction card bearing a magnetic strip is drawn 

suitably written into the next successive location in through card reader slot 1104 (see FIG. 11), magnetic reader 

encrypted PIN sector 1816 of RAM 1802 (step 2604). head 1602 outputs alternating high and low voltage levels 

Thereafter, the address corresponding to the location in corresponding to the data encoded on the magnetic strip, 

sector 1816 wherein the encrypted data is written is trans- 40 Upon the detection of a first output level from schmidt 

mitted to PC 110 (step 2606). More particularly, and with trigger 1612, for example a logic high value, a hardware 

momentary reference to FIG. 2, once the data is encrypted timer (not shown) resident in processor 1212 is stopped, and 

within module 214, the location of the encrypted data is the time at which this timer is stopped is suitably saved in 

transmitted to PC 110 via connector 212, such that unen- swipe timer register 1826 of RAM 1802 (see FIG. 18) (step 

crypted confidential data need not be transmitted from 45 2802). The card swipe timer is again reset to zero and 

module 214 to PC 110 in order to effect a transaction. restarted, awaiting the detection of a next predetermined 

After encrypting the data, processor 1212 suitably creates voltage level from schmidt trigger 1612 (step 2802). 

a new unique key for use in a subsequent encryption process In conjunction with the timer data retrieved in step 2802, 

and stores the new key in future encryption key sector 2004 processor 1212 determines if the output of schmidt trigger 

of EEPROM 2002 (step 2608). In accordance with one 50 1612 corresponds to a predetermined logic state (e.g., a zero 

aspect of the present invention, the new encryption key may or a one) (step 2804). This logic data may then be stored in 

be generated in accordance with any suitable scheme which successive bit locations in the appropriate swipe input buffer 

is compatible with the encryption algorithm executed in step (e.g., buffer 1820, 1822) (step 2804). The system then 

2602. In accordance with a preferred embodiment, a new determines if the swipe input buffer(s) is full (step 2806). If 

unique encryption key may be generated in accordance with 55 the swipe input buffer is full, a buffer full flag is suitably set 

ANSI X9.24-1992. in swipe buffer full flag register 1828 of RAM 1802 (FIG. 

Upon transmitting indicia of the encrypted data from 18) (step 2808), which permits processor 1212 to determine 

module 214 to PC 110, PC 110 continues to execute the when the swipe input buffer(s) is full (see step 2712, FIG. 

application program residence therein, as described above in 27). 

detail in connection with FIGS. 4-10. 60 Returning now to step 2806 of FIG. 28, if the swipe input 

Returning now to the main control loop 2100 of module buffer(s) is not full, the aforementioned software timer is 

214 (FIG. 21), module 214 may also elect to enter card reset to a maximum bit interval value (step 2810), and the 

swipe mode 2118 (step 2116). More particularly, and with process returns (step 2812) to the point at which it left the 

momentary reference to FIG. 7, PC 110 may request module process set forth in FIG. 27, whereupon the process of FIG. 

214 to enter the card swipe operational mode, for example 65 28 is repeated on a bit-by-bit interrupt basis until all the 

at a point during the execution of the application software appropriate data is "read" from the magnetic strip on the 

resident in PC 110 where such application software prompts transaction card. Note, however, that the entire process of 
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accumulating the card swipe data occurs in a very short interfaced with module 214, it may be particularly, advan- 

period of time, for example ten milliseconds to one second, tageous for processor 1212 to control the modem operation, 
as a card is drawn through card reader slot 1104 (FIG. 11). With continued reference to FIG. 30, modem operation 

Returning now to FIG. 21, module 214 is also configured 2126 suitably (entails an initialization of modem 1202 (step 

to enter print mode 2122 from main loop 2100 (step 2120) 5 30( >2). module 214 then determines if a mode change has 

for example upon a request to do so from PC 110 (see step occurred (step 3004) and, if so, the system returns to system 

816 FIG 8) redirect 2106. If a mode change has not occurred, the system 

Referring now to FIG. 29, print operation mode 2122 determines if data output buffer 1810 contains the data to be 

suitably entails initializing the printer (step 2902), for transmitted via modem (ste^^ 

t . . j j *L Jrt in buffer 1810, the system returns to step 3004 and continues 

example to establish various hardware and software param- 10 between ^ ^ and 3 ^ ^ ^ ^ [& 

eters associated with the printing process. In this regard, and ^ ^ 1810 or F until a raode change occurs . 
^ briefly discussed above, the printer may be affiliated with When data buffer 181Q comains lhe app riate 

PC 110, for example by connecting a printer directly to box data tQ be transmitted via modem, processor 1212 retrieves 

204, or by connecting the printer to PC 110 via a suitable lhe data from output igio and transmits the data via modem 

networking configuration. Alternatively, the printer may 15 t0 host computer 102 (step 3008). When it is desired for 

interface directly with the encryption module, for example at module 214 to receive data via modem, for example from 

connector 310 of module 300 (FIG. 3 or, alternatively, at host computer 102, processor 1212 may be suitably config- 

peripheral device module 1200 of module 214 as shown in ured to retrieve the data from modem 1202, for example at 

FIG. 12). modem interrupt port pa2. 

With continued reference to FIG. 29, the system deter- 20 Referring now to FIG. 31, PC 110 suitably transmits a 

mines if a mode change has occurred (step 2904) and, if so, request to module 214 to transmit data via the modem 

returns to system redirect step 2906. connected to module 214. More particularly, a modem 

The system then determines if the data to be printed is interrupt message is applied to port pa2 of module 1212 by 

currently available, for example by, interrogating data output modem 1202. Module 214 then determines if the message 

buffer 1810 (FIG. 18) (step 2908). If the data is not available, 25 corresponds to a "data received" interrupt (step 3102) or a 

the system returns to step 2902 to await the data to be modem transmit interrupt (step 3104). If a data received 

printed. If the data is available ("yes" branch of step 2908), interrupt occurs ("yes" branch of step 3102), indicating that 

the system determines if the printer is ready (step 2930). In data has been received at modem 1202, the data received at 

this regard, the printer to be checked will likely be connected modem 1202 is retrieved by processor 1212 and transmitted 

to module 214, inasmuch as it would not typically be 30 to the PC via connector 212 (step 3106). 
necessary to execute print operation 2122 if the printer were If the modem interrupt message corresponds to a modem 

connected to PC 110. Stated another way, if PC 110 is transmit request (step 3104), processor 1212 retrieves the 

equipped with a printer, the print operation may be con- data to be transmitted from buffer 1810 and applies the data, 

trolled directly by PC 110, while the print operation as set for example on a byte-by-byte basis, to modem 1202 (step 

forth in FIG. 29 is appropriately controlled by module 214 35 3108). 

if the printer employed in the context of the present inven- If the modem interrupt corresponds to neither a data 

tion is interfaced with module 214. received or a data transmit message, an error message is 

With continued reference to FIG. 29, if the printer is not suitably sent to the PC (step 3110). 
ready, module 214 suitably sends a command to the PC After data which is received at modem 1202 is retrieved 

indicating that the printer associated with module 214 is not 40 and sent to PC 110 (step 3106), and after data is sent by 

ready. In this regard, PC 110 may prompt the user to correct processor 1212 from buffer 1810 to modem 1202 (step 

the printer situation, for example as described above in 3108), the system returns (step 3112) to the low level 

conjunction with FIG. 7. process of FIG. 30, and the process is repeated for each 

If the printer associated with module 214 is ready, the data successive interrupt generated by modem 1202. 
resident in data output buffer 1810 is transmitted to the 45 Referring now to FIGS. 21 and 32, module 214 may be 

printer, for example via serial bus 1211 (see FIG. 12). In suitably configured to enter bar code operational mode 2130 

accordance with the preferred embodiment, the data to be (step 2128), for example in response to a request to do so 

printed is transmitted to the printer in serial fashion; hence, from PC 110. Bar code operation 2130 suitably entails 

the process set forth in FIG. 29 is desirably repeated until the determining whether a mode change has occurred (step 

data present in data output buffer 1810 is sequentially 50 3302) and, if so, returning to system redirect step 2106. If a 

transmitted to the printer. mode change has not occurred, data may be input from a 

Returning now to main loop 2100 (FIG. 21) and with general purpose module 1210, for example a bar code reader 

reference to FIG. 30, module 214 is suitably configured to (step 3204). Once the bar code or other data is received by 

enter modem mode 2126 (step 2124), for example in module 214, it may be appropriately transmitted to PC 110, 

response to a request to do so from, PC 110 (see step 710, 55 as desired (step 3206). 

FIG. 7). Referring now to FIGS. 21 and 33, module 214 may be 

As briefly discussed above, the present invention may be suitably, configured to execute a smart card operation 2134 

configured to transmit data and information from PC 110 to (step 2132), for example in response to a request from PC 

host computer 102 in any convenient manner, for example 110 to do so. In this regard, although many of the various 

via a modem associated with PC 110 or, alternatively, 60 functional features associated with module 214 (e.g., 

modem 1202 associated with module 214 (or modem con- modem operation 2126, print operation 2122, swipe opera - 

nector 308 associated with module 300; FIG. 3). If data is tion 2118, and the like) are initiated in response to a request 

transmitted from PC 110 via a modem associated with PC from PC 110 in accordance with the embodiment described 

110, it would not generally be necessary for module 214 to herein, it will be appreciated that the various operational 

execute modem operation 2126; rather, the modem opera- 65 states of module 214 may suitably be effected in any desired 

tion may be effectively carried out by PC 110. If, on the other manner, for example by entering appropriate commands 

hand, modem operation is to be effected through a modem directly into module 214. 
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With continued referenced to FIG. 33, smart card mode 
2134 suitably entails determining whether a mode change 
has occurred (step 3302) and, if so, returning to system 
redirect step 2106. 

If no mode change has occurred, the system determines if 
data is to be read from a smart card (step 3304). In this 
regard, and as briefly stated above, such a request may come 
from PC 110, or may be otherwise effected by the user, for 
example by entering a particular code or depressing other 
buttons (not shown) onto keypad 1102 (FIG. 11). 

If data is to be read from a smart card ("yes" branch of 
step 3304), data is retrieved by processor 1212, for example 
via smart card, reader 1208 (FIG. 12). Upon retrieving the 
data from the smart card, the data may be transmitted to PC 
110 (step 3306). 

As discussed above, module 214 may also be configured 
to write data into a smart card. In this case, the appropriate 
data to be written into the smart card may be suitably 
retrieved from data output buffer 1810 and applied to smart 
card circuit 1208 (steps 3308, 3310). 

Referring now to FIGS. 21 and 34, module 214 in the PC 
application software discussed above in conjunction with 
FIGS. 4-10 may be suitably configured such that the appli- 
cation software resident in PC 110 must first validate module 
214 before permitting the transmission of encrypted data or 
otherwise performing functions described herein. More 
particularly, in view of the importance of maintaining secu- 
rity in the context of real time funds transfer authorization, 
it may be desirable to permit PC 110 (e.g., through software) 
to confirm that module 214 embodies satisfactory security 
features before effecting transactions. 

With continued reference to FIGS. 21 and 34, module 214 
may be suitably configured to enter a system validation 
mode 2138 (step 2136), for example in response to a request 
from the user or from PC 110 to do so. System validation 
mode 2138 entails, inter alia, a determination of whether a 
mode change has occurred (step 3402) and, if so, the system 
may be configured to return to system redirect step 2106. 

Module 214 may then be configured to receive and/or 
retrieve validation data from PC 110, which validation data 
either confirms that the application software running on PC 
110 is compatible with module 214; alternatively, the vali- 
dation data may permit module 214 to run a self-check to 
determine if adequate security mechanisms are in place. 
Module 214 may then confirm that it is compatible with the 
software resident on PC 110 (step 3406). If the system 
determines that either module 214 or the application pro- 
gram running on PC 110 are not "valid" according to 
predetermined validation criteria, module 214 may be con- 
figured to either disable itself or to disable the software 
running on PC 110 step 3408). 

Referring now to FIGS. 21 and 35, module 214 may 
suitably be configured to execute a bit operation 2142 (step 
2140), for example in response to a request from PC 110 or 
the user to do so. 

Bit operation 2142 suitably determines if a mode change 
has occurred (step 3502) and, if so, returns the system to 
system redirect step 2106. If a mode change has not 
occurred, module 214 may execute any number of built-in 
tests (bits) (step 3504), for example testing various data 
transmission and retrieval processes, testing the presence 
and/or functionality of various peripheral devices, or execut- 
ing the various wraparound and/or auditing facilities set 
forth in FIG. 1. 

From time to time during the operation of PC 110, it may 
be desirable to transmit encrypted data from module 214 to 
PC 110. With continued reference to FIG. 21 and referring 
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also to FIG. 36, module 214 may thus be configures to 
selectively enter retrieval mode 2146 (step 2144), for 
example in response to a request to do so from the user or 
from PC 110, 

5 Retrieval mode 2146 suitably entails, inter alia, determin- 
ing whether a mode change has occurred (step 3602) and, if 
so, returning the system to system redirect step 2106. If a 
mode change has not occurred, indicating that the system 
remains in retrieval mode, module 214 waits for a request 

10 from PC 110 for the encrypted data, which request may 
include the address in sector 1816 of RAM 1802 (FIG. 18) 
where the desired encrypted data is stored (step 3604). Upon 
receipt of a request from PC 110 to transmit encrypted data, 
module 214 retrieves the encrypted data from an appropriate 

15 location in memory (e.g., encrypted PIN holding area 1816), 
and sends the encrypted data to PC 110 (step 3606). Upon 
doing so, processor 1212 may suitably reset encrypted PIN 
holding area 1816 back to empty. 

Referring now to FIGS. 37-39, various alternate embodi- 

20 ments of an encryption module in accordance with the 
present invention are illustrated. In connection with the 
embodiments shown in FIGS. 37-39, the concept of an 
encryption module is expanded to include an encryption 
module configured to be interposed between a PC and 

25 virtually any modality for inputting data to be encrypted, for 
example a keypad for manually entering confidential data, a 
serial port for receiving confidential data from virtually any 
electronic source, a smart card (or ICC) reader, a magnetic 
stripe reader, a bar code reader, a voice recognition circuit, 

30 an IRIS scanner, a finger print reader, thumb print reader, or 
palm print reader, a text scanner, or virtually any other type 
of input device. In this regard, it will be appreciated that the 
various input devices or hardware may be either integral 
with the encryption module (i.e., formed as a unitary con- 

35 struction with the encryption module), or the input devices 
may be connected to the encryption module via any secure 
medium. For example, the data input device may be con- 
nected to the encryption module via a hard wired commu- 
nication link, an infrared (IR) connection, a radio frequency 

40 (RF) coupled connection, or the like. 

In accordance with a preferred embodiment, it is desirable 
to isolate the communications link (either a hard wired link 
or otherwise) through which the data to be encrypted travels 
from the data acquisition device to the encryption module, 

45 on the one hand, from the generally non-propriety data 
communications bus (e.g, universal serial bus (USB)) which 
may facilitate communication between, inter alia, the 
encryption module and the PC. In this way, the unencrypted 
data remains isolated from the PC, rendering it nearly 

50 impossible to capture the unencrypted data from a modem or 
other device which may interface with the PC and which is 
not authorized to capture the unencrypted data. In the 
embodiment shown in FIGS. 37-39, it may also be desirable 
to configure the encryption module to receive confidential 

55 data from a remote source, for example from a credit card or 
a financial transaction authorization host computer, via 
telephonic, cable or RF link. In accordance with yet a further 
embodiment of the invention as illustrated in FIGS. 37-39, 
it may be desirable to configure the encryption module to 

60 communicate with one or more destinations for transmitting 
encrypted data, for example to a CRT, LCD or LED monitor, 
a credit card or financial transaction authorization host, a 
printer, or to another PC. 

Finally, it may be desirable to configure the encryption 

65 module to capture confidential data or information, and to 
transmit the unencrypted data to a local or remote destina- 
tion via a proprietary or otherwise secure communications 
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link; as an example, the encryption module may be config- Referring now to FIG. 37B, module 3702 may suitably be 

ured to capture confidential data from, for example, a smart equipped with one or more PC connectors 3706 and/or one 

card (ICC), and to transmit that data to a local printer, or more of peripheral device connectors 3708. In accordance 

computer, or other device for printing or viewing, i.e., by with a particularly preferred embodiment, connector 3706 

converting the unencrypted data from a smart card, 5 may suitably be employed to connect encryption module 

keyboard, etc. into an encrypted insignia, for example, a 3792 to a keyboard-type port on a conventional desktop 

two-dimensional bar code, or the like. This application may and/or laptop computer> f or example a PS/2 port, ADB port, 

be particularly useful in the context of printing an insignia, ^ ^ USfi rt i E EE488-type port, or the like. In 

wherein it is desirable to capture non-encrypted data, trans- ^ d if the e tion module ^ connect ed to the 

form that data mto encrypted pnntab e data, e.g (^aphic, «« k port of a laptop which already comprises an 

character, bar code) and then transmit the encrypted print- • . 1 1 f j •* , i_ * 

able data, to a printer, for example, to create a redeemable mte S ral keyboard, it may not be necessary to connec 

coupon, admittance ticket or postage. communications link 3708 to any other device; indeed, it 

Finally, FIGS. 37-39 further illustrate applications of the ma y desirable to omit connector 3708 from the device 

subject encryption module wherein the module is equipped entirely. In accordance with a further embodiment, even in 

to receive encrypted e-mail or other text data online, and to 35 situations where the encryption module is connected to the 

thereafter decrypt the information, for example to display keyboard port of a laptop device via connector 3706, it may 

information (e.g., on the associated PC) in a secure, off-line nonetheless be desirable to connect the encryption module to 

manner. a supplemental keyboard via connector 3708, as desired. In 

In this regard, the encryption module will protect the accordance with an alternate preferred embodiment, the 

confidential but non -encrypted data from being intercepted 20 device shown in FIG. 37B may be serially interposed 

by unauthorized persons that may be monitoring the unse- between a keyboard port (via connector 3706) and a periph- 

cure communications bus (e.g., USB, IEEE1394, or ADB). eral device (including but not limited to a keyboard) via 

Referring now to FIGS. 37A-C, an encryption module 3702 connector 3708, for example in the context of a conventional 

is suitably generally analogous in function to that described desktop computer. With continued reference to FIG. 37B, 

in conjunction with FIGS. 1-36. In particular, encryption 25 whether in the context of a desktop or a laptop computer, 

module 3702 suitably includes circuitry for encrypting (and/ connector 3708 may facilitate the interaction between 

or decrypting) confidential data and information, for encryption module 3702 and virtually any type of device for 

example by using encryption algorithms, techniques, keys, inputting confidential data, as described above, 

and the like which are resident within non-volatile ROM Referring now to FIG. 37C, an exemplary encryption 

(i.e., EEPROM) or other secure data storage device com- 30 module 3702 is suitably equipped to interface with a USB 

prising module 3702; alternatively, encryption module 3702 bus, an IEEE1394 firewire bus, or other general purpose bus 

may be configured to receive encryption algorithms, of a PC via a connection 3710. For a more thorough 

techniques, and the like from a remote source, as discussed discussion of general purpose PC bus specifications, see, 

in greater detail below. Universal Serial Bus Specification, produced by Compact, 

With particular reference to FIG. 37A, encryption module 35 Digital Equipment Corporation, IBM PC Company, Intel, 

3702 is suitably configured with a connector 3704 for Microsoft, and Northern Telecom, rev. 9, dated Mar. 31, 

interfacing module 3702 with a desktop PC, a laptop PC, or 1995 and subsequent revisions; see also, Guide to the 

virtually any other type of computer or communications Macintosh Family Hardware, by Apple Computer Inc., 2nd 

device. In particular, a communications link 3704, for Ed. The entire disclosure of the foregoing documents are 

example an RS/232 compatible link is configured to inter- 40 hereby incorporated herein by this reference, 

face with the serial port of a PC or laptop computer. More particularly, although the module shown in FIG. 

Inasmuch as this type of serial port typically communicates 37C may also be equipped with a "keyboard" or serial-type 

with a general PC databus (e.g., the PC's USB), it is connector as shown in FIGS. 37A and B, a module is 

desirable to ensure that the confidential data is first separately set forth in FIG. 37C for attachment to USB or 

encrypted by module 3702 before being transmitted along 45 IEEE1394 (firewire)-type buses to underscore the flexibility 

link 3704 to the PC. Moreover, as briefly discussed above of the various attachment modalities available for encryption 

and as discussed in greater detail below, the data to be module 3702. With continued reference to FIG. 37C, respec- 

encrypted may be acquired by module 3702 in virtually any tive input connections 3712, 3714, and 3716 may be 

desired manner, for example through the use of a data employed to attach the encryption module with one or more 

acquisition device which is integral with module 3702 or, 50 external devices, for example integral or remote data acqui- 

alternatively, by way of a data acquisition device which is sition devices, RF and IR couplers to printers, display 

connected to module 3702. In either case, the data to be devices, and the like. Of course, one or more of these 

encrypted may be acquired in virtually any manner, for connections could also be employed in conjunction with the 

example through the use of a PIN pad, keyboard, voice embodiments shown in FIGS, 37A and B. One or more of 

recognition circuit, scanner, magnetic stripe reader, smart 55 connections 3712-3716 may also employ USBor firewire- 

card reader, external serial port (which can be the same as or type protocols; however, it may be advantageous to employ 

different from the port to which link 3704 is connected), or "protected" protocols for the non-encrypted inputs, 

the like. Referring now to FIG. 38, a peripheral device 3802 

The present invention also contemplates embodiments suitably comprises a PC peripheral, for example a PIN pad, 
wherein module 3702 comprises a PC peripheral device, for 60 keyboard, mouse, or similar data input device or, 
example a keyboard, mouse, scanner, pin pad, or other alternatively, module 3802 may suitably comprise a stand- 
hardware device which may contain encryption capability. alone encryption module, having one or more data input 

With continued reference to FIG. 37, module 3702 (and functions integral therewith and/or connectable thereto. The 
particularly as shown in FIG, 37A) may be configured for module schematically shown in FIG. 38 is a more general- 
connection to a keyboard port (e.g., a PS/2 port) of a 65 ized version of the module shown in FIG. 37. In particular, 
conventional laptop computer, for example via communica- module 3802 suitably comprises one or more connectors 
tions link 3704. 3810, 3812, 3814 or connection to one for more pieces of 
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hardware, for example a PC or the like. In addition, one or 
more of links 3810-3814 may be configured for connection 
to a high resolution video monitor using, for example, an 
IEEE1394 "fire wire bus", or it may be configured for RF or 
IR communication with other systems. In addition, module 
3802 may suitably be configured to include one or more of 
respective connectors 3816, 3818, 3820 (and so on) for 
connection to one or more input peripherals (mouse, 
keyboard, scanner, voice input, etc.). In the context of the 
present invention, virtually any communication link may be 
employed, including any one or a combination of the fol- 
lowing: standard PC or other keyboard format; PS/2 format; 
Apple desktop bus (ADB); small computer system interface 
(SCSI); RS/232; parallel port; USB; IEEE1394 (fire wire); 
infrared; RF; fiber optics; PCMCIA; IDE; EIDE; SCSII; 
IEEE488, and the like. 

Referring now to FIG. 39, a more detailed schematic 
diagram of an exemplary encryption module or peripheral 
device analogous to that discussed in connection with FIGS. 
37 and 38 will now be described. 

An exemplary encryption module 3902 suitably 
comprises, in its simplest form, an acquisition input 3904 
and a PC connector 3926. As discussed above, acquisition 
input circuit 3904 may suitably include one or more data 
input modalities (e.g., ICC, keypad, magnetic stripe, and the 
like) which are integral with module 3902, connected to 
module 3902 either remotely or locally, or both. PC con- 
nection link 3926 is suitably configured to maintain com- 
munication between module 3902 and a desktop computer, 
laptop computer, notebook computer, or any other computer, 
peripheral, or other device to which it is desired to send 
encrypted data. Thus, connector 3926 may comprise an 
RS/232 connector, a PS/2 connector, a USB connector, an 
IEEE1394 (firewire) connector, or the like. 

Various essential components of module 3902 are omitted 
from the drawing for clarity, such as a processor or 
microcontroller, ROM for executing operating code, 
EEPROM for storing operating instructions, encryption 
software, and the like, RAM, power supply, and the like. 

With continued reference to FIG. 39, encryption module 
3902 also suitably includes an encryption engine 3924 to 
perform one or more different types of encryption (e.g., 
DES, RSA, elliptical curve public/private key management) 
using one or more encryption keys 3922 that are either 
resident and protected within encryption module 3902 (e.g., 
ROM, EEPROM) or which may be derived or retrieved by 
encryption module 3902, for example by communicating 
over one of the communication links associated with module 
3902 with a remote or local device connected to the module. 
In the case where the keys are resident and protected within 
module 3902, the module suitably includes means for pro- 
tecting the keys, for example, using interlocks which, when 
triggered by intruding or violating the device, will erase the 
contents of the volatile memory or otherwise destroy 
encryption keys 3922 or derivatives thereof. 

Encryption module 3902 may further comprise one or 
more exemplary connection links 3914, 3916, and 3918 (and 
so on) which may be connected to remote (or local) devices 
for receiving information, some of which may be desirably 
encrypted. In this way, confidential data may be obtained by 
module 3902, and manipulated, stored, or otherwise utilized 
by module 3902, in a secure (e.g., proprietary) environment. 
Moreover, some or all of the confidential data received by 
module 3902 may be encrypted, for example via encryption 
engine 3924, whereupon the encrypted data may be trans- 
mitted to a PC or other device via communication link 3926. 

In accordance with a further aspect of the present 
invention, additional communication links 3928, 3930, and 
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3932 may be provided to permit encrypted data to be 
transmitted to additional destinations. For example, it may 
be desirable to connect one of links 3928-3932 to a local or 
remote printer, for example to permit the printing of docu- 
ments (e.g., tickets to sporting events, concerts, and the like) 
which may comprise an encrypted portion, for example a 
two-dimensional bar code or other insignia. Alternatively, 
one or more of links 3928-3932 may be RF coupled, or 
connected in some other manner to an authorization network 
or other banking or related financial network, for example to 
permit module 3902 to obtain preauthorization or real-time 
authorization of a transaction while module 3902 is simul- 
taneously connected to a PC via communication link 3926. 

More particularly, module 3902 may be conveniently 
configured to communicate with a PC via communication 
link 3926. For example, while the user of a PC is connected 
to the Internet, reviewing various possible financial or other 
transactions, module 3902 may provide the ability to obtain 
transaction authorization while permitting the user of the PC 
connected via connector 3926 to remain on-line. For 
example, if the consumer is "shopping" on the Internet with 
his PC, and desires to effect a financial transaction, the 
consumer may obtain authorization for the transaction from 
a remote host via one of connectors 3928-3932. In this 
example, the remote host may prompt the user to input a PIN 
or other confidential piece of information, for example 
through an auxiliary speaker 3906, display 3908, or other 
device associated with module 3902. The user may then 
enter the confidential data through acquisition input circuit 
3904 or, alternatively, through one or more data input 
devices associated with connectors 3914-3918. Once the 
confidential data has been entered into module 3902, autho- 
rization for the transaction may be obtained, while main- 
taining a "fire wall" between the PC connected to connector 
3926 and the unencrypted data processed by module 3902. 
Once an authorization for the requested transaction has been 
obtained, that authorization number may be transmitted to 
the PC via connector 3926, and thereafter to the "merchant" 
with whom the consumer proposed to transact business on 
the Internet or other "shopping" environment. In accordance 
with a further aspect of this embodiment, the authorization 
number may be digitally signed by the remote host with its 
private encryption key prior to sending it to the encryption 
module. Accordingly, when the merchant receives the autho- 
rization number from the user via the encryption module, the 
merchant can authenticate the authorization number by 
checking or otherwise decrypting the digital signature. 

Alternatively, a user may desire to obtain digital cash, 
digitally signed documents, or other documents, data, or 
information which relate to a transaction or an application 
with which the user is involved. For example, while the user 
is operating his PC, which is connected to module 3902 via 
connector 3926, he may desire to contact a financial insti- 
tution or other entity via one of connectors 3928-3932 and 
perform the "encryption" function. For example, the user 
may enter data relating to a credit card account, bank 
account, or other data into acquisition input circuit 3904, and 
thereby retrieve digital coins or other encrypted data or 
information from a remote host, and thereafter use such 
encrypted data to perform an on-line or off-line transaction 
by transmitting the encrypted data to the PC, via encryption 
engine 3924, through connector 3926. In accordance with 
this aspect of the invention, the digital coins or other 
encrypted data may be stored in the encryption module or in 
a smart card for an unspecified amount of time prior to the 
user cashing in or otherwise using the digital money or other 
data. It will be appreciated that the foregoing examples may 
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be implemented via standard phone lines, modem hardware, 
RF couplers, IR coupling, data channels, or any other 
suitable modality. Indeed, it may be desirable to connect 
module 3902 to two or more PCs via links 3926-3932, 
wherein a first PC can be used to perform the on-line 
transaction, and the other PC may be used to obtain autho- 
rization. 

In addition, authorization, digital currency, and other data 
may be retrieved via a local or remote peripheral device or 
system which communicates with module 3902 on the 
"unencrypted" side of the software fire wall, i.e., via one of 
communication links 3914—3918, or through acquisition 
input circuit 3904. 

With continued reference to FIG. 39, a switch 3912 may 
suitably be employed to connect one or more of communi- 
cation links 3914-3918, and acquisition input circuit 3904 to 
the PC via communication links 3926-3932. A suitable 
switch may also be employed to select one or more of 
communication links 3926-3932. Although the "switch" is 
schematically shown as a mechanical/electrical switch, it 
will be appreciated that virtually any type or combination of 
hardware, software, firmware, or hybrid switching and/or 
connecting modalities may be employed. 

With continued reference to FIG. 39, display 3908 may be 
conveniently employed to permit the user to review various 
data fields in "clear text" format to confirm the accuracy of 
a transaction. For example, the dollar amount of a transac- 
tion could be displayed on the display device 3908 before a 
purchase is made to ensure that the proper amount of the 
transaction has been entered. Indeed, virtually any data or 
information may be displayed by module 3902 in any 
convenient modality (e.g, display 3908, speaker 3906, or the 
like), even if that information is of a confidential nature, so 
long as the data is properly encrypted before being trans- 
mitted to the PC or other device via connection links 
3926-3932. In this way, the security of the confidential data 
prior to encryption is upheld, inasmuch as access from the 
PC to encryption module 3902 via communication links 
3914-3918 is quite difficult, if not impossible through 
known techniques. 

With continued reference to FIG. 39, a further embodi- 
ment of module 3902 suitably exhibits a "plug-and-play" 
capability. More particularly, software resident within mod- 
ule 3902 suitably includes a plurality of software drivers 
advantageously configured to identify and accommodate 
virtually any data input device, whether integral with or 
connected to module 3902, which may be employed with the 
module. In this way, off the shelf data acquisition devices 
(scanners, magnetic stripe readers, smart card readers, and 
the like) may be purchased separately from module 3902, 
with the consumer enjoying the plug-and-play capability 
provided by the various software drivers which are prein- 
stalled into module 3902. 

Although the subject application has been described 
herein with reference to the appended drawing Figures, it 
will be appreciated that the scope of the invention is not so 
limited. Various modification in the design and implemen- 
tation of various components and method steps discussed 
herein may be made without departing from the spirit and 
scope of the invention, as set forth in the appended claims. 

I claim: 

1. A remote processing system, located at a first site, for 
interfacing with a host computer system located at a second 
site which is remote from said first site, the host computer 
system being of the type which includes a host modem and 
which is configured to facilitate financial transactions upon 
receipt from said remote processing system of a data packet 
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including an encrypted data field, said remote processing 
system comprising: 

a. a PC, comprising: 

(1) a first memory sector configured to store an inter- 
active software program; 

(2) a first processor configured to execute said software 
program; 

(3) an input port configured to communicate with said 
first processor; 

(4) a second modem configured to transmit said data 
packet from said PC to the host modem in accor- 
dance with said software program; and 

(5) a PC monitor having a two-dimensional, multi-line 
display; 

b. a PC keyboard and a second input device; 

c. an encryption module, configured to communicate with 
said second input device, connected in series between 
said PC keyboard and said input port, comprising: 

(1) an integral acquisition means; 

(2) a second processor configured to selectively encrypt 
data entered into said integral acquisition means and 
said second input device; and 

d. a data link configured to maintain communication 
between said encryption module and said PC input 
port. 

2. The remote processing system of claim 1, wherein said 
data link comprises a standard bi-directional interface bus. 

3. The remote processing system of claim 1, wherein said 
data link comprises an IR data link. 

4. A remote processing system, located at a first site, for 
interfacing with a host computer system located at a second 
site which is remote from said first site, the host computer 
system being of the type which includes a host modem and 
which is configured to facilitate financial transactions upon 
receipt from said remote processing system of a data packet 
including an encrypted data field, said remote processing 
system comprising: 

a. a PC, comprising: 

(1) a first memory sector configured to store an inter- 
active software program; 

(2) a first processor configured to execute said software 
program; 

(3) an input port configured to communicate with said 
first processor; 

(4) a second modem configured to transmit said data 
packet from said PC to the host modem in accor- 
dance with said software program; and 

(5) a PC monitor having a two-dimensional, multi-line 
display; 

(6) a PC keyboard; 

b. a second input device for receiving input data; 

c. an encryption module comprising: 

(1) acquisition input means for receiving input data; 

(2) an input port configured to interface with said 
second input device; and 

(3) a processor adapted to selectively encrypt said input 
data received from said acquisition input means and 
said second input device; 

d. a data link configured to maintain communication 
between said encryption module and said PC input 
port. 

5. The remote processing system of claim 4, wherein said 
acquisition input means comprises an alphanumeric keypad. 

6. The remote processing system of claim 4, wherein said 
acquisition input means comprises an apparatus configured 
to acquire biometric data. 
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7. The remote processing system of claim 4, wherein said 16. The remote processing system of claim 13, wherein 
acquisition input means comprises a magnetic stripe card said output peripheral comprises a means for communicat- 
reader. ing with a financial transaction authorization host. 

8. The remote processing system of claim 4, wherein said 17 remote processing system of claim 13, wherein 
acquisition input means comprises a smartcard reader 5 said peripheral comprises a standard computer 

9. The remote processing system of claim 4, wherein said nrinter 

input port is configured to interface with a PC mouse. lg ^ remote ^ of c)ajm 13 wherein 

10. The remote processing system of claim 4, wherein . . , * J . , . ~ 
said input port is configured to interface with an integrated said mod " le comprises a speaker unit for 
circuit card reader. 10 P rovidl °g audl ° information output. 

11. Theremoteproces S ingsystemofclaim4,whereinsaid 19 ^ remote Processing system of claim 13, wherein 
input port is configured to interface with a means for said first processor is further configured to identify and 
scanning graphical codes. accommodate said output peripheral. 

12. The remote processing system of claim 4, wherein 20. The remote processing system of claim 13, wherein 
said input port is configured to interface with a magnetic is said output peripheral is integral with said encryption mod- 
stripe card reader. ule. 

13. The remote processing system of claim 4, wherein: 21. The remote processing system of claim 4, wherein 
said remote processing system further comprises an out- said encryption module further comprises an integral two- 
put peripheral; and dimensional display screen. 

said encryption module further comprises a second port 20 22. 70(5 remole processing system of claim 4, wherein 
configured to interface with said output peripheral. said first processor is further configured to identify and 

14. The remote processing system of claim 13, wherein accommodate said second input device. 

said output peripheral comprises a means for printing a 23. The remote processing system of claim 4, wherein 
graphical representation of said encrypted data. said second input device is integral with said encryption 

15. The remote processing system of claim 13, wherein 25 module, 
said output peripheral comprises a PC monitor having a 

two-dimensional, multi-line display. ***** 
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